Power Shell Replacement String Variables

Fluk3

In a previous Post I mentioned that certain data from the event log can be found Replacement String.
See the Article : Track User Logon Events with Power Shell
But for every event there must surely be different replacement strings for different events.

So Below is the code I wrote to get any events Replacement String with as much explanation as I can give.

The Code Explanation

#Get-Security Events
#Here you can Modify the code for a specific instance ID
$Event = Get-EventLog Security -Newest 1
#We need to loop through the events to get every event selected Replacement String Values

forEach($EV in $Event)
{
#An array always starts with 0 so we need to start at -1 to that we can add 1 and start with 0
$C = -1
#Count how many Members the Current Event has
#This actually only gets the number of string available
$Count = $EV | Get-Member | Measure-Object –Line
$Count = $Count.Lines
#Output each Replacement String with the Detail

Do
{
#Increment the Count Variable
$C ++
#Get the Members Name
$EVMemberName = $EV | Get-Member | Select -Index ($C) | select name
$EVMemberName = $EVMemberName.Name
#Get the Members Data
$EVO = $EV | Select @{Name=”Data”;Expression={ $_.ReplacementStrings[$C] }}
$Evo = $EVO.Data
#Create a Variable to output the data
$Outfile = New-Object PSObject
#Add each member into the out put file
$Outfile | Add-Member Name $EVMemberName
$Outfile | Add-Member Data $Evo
#Write to desired Location
Write-Output $Outfile
}Until ($C -eq $Count)
}

This code can be copied and Paste into PowerShell to work immediately.

Hope this is helpful.

Fluk3 Out

********************************************************

If you liked what you read Please Share.
I’d love it if you followed me on YouTube and Facebook.

Also, feel free to subscribe to my posts by email.
Donations for the site can be made here.
Thanks for reading.

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *